[Cryptography] Great moments in Bitcoin security
Dave Horsfall
dave at horsfall.org
Tue Jun 2 17:49:23 EDT 2015
Seen in SANS Vol 17 No 43:
--Blockchain Updates Android App to Fix Flaws
(May 29 & June 1, 2015)
Bitcoin wallet Blockchain has issued an update for its Android app to
address several issues that can cause users to send Bitcoins to the
incorrect address. The random number generator Blockchain uses recently
switched to HTTPS and began returning a "moved permanently" or 301 error
when apps requested a random number through HTTP, so instead of generating
a number, Blockchain used "301" to generate private keys no matter which
address users specified.
http://www.theregister.co.uk/2015/06/01/blockchain_app_shows_how_not_to_code/
http://arstechnica.com/security/2015/05/crypto-flaws-in-blockchain-android-app-sent-bitcoins-to-the-wrong-address/
Oops...
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
More information about the cryptography
mailing list